Here are some of the HOPE 26 talks that have been finalized. We will be updating this section every day from now until HOPE so keep checking!
Autonomous Exploitation at Scale 
Carter Pfaff
With the advent of powerful, open source, and lightweight large language models, the cost barriers that typically prevent targeted attacks – with people manually scanning, infecting, and exploiting – are vastly reduced. This talk presents a self-propagating worm which autonomously detects devices, enumerates their vulnerabilities and services, checks for exploits which could work on them, and exploits them and spreads to them, forming a distributed network. It discusses the limitations, design decisions, and tradeoffs made in the development.
Ambient Computing: When AI Moves to Your Face
Matt Desmarais
Smart glasses are rapidly evolving into always-on AI sensor platforms, but what happens when the platform is open and developers decide what the device does, what it senses, and where the data goes? Using Mentra Live, this talk explores a suite of experimental face-mounted AI applications, including a working implementation of the type of facial recognition Meta has publicly said it wants to deploy, built entirely in the open with every line of code visible and inspectable. Through live demonstrations and an unfiltered look at where closed platforms are heading, it examines the technical, ethical, and privacy implications of ambient computing and argues that openness is the only meaningful path toward accountability and user control.
A Practical Guide to Facial Recognition Evasion
Prowex, Rambo Anderson-You
Sick of being recognized everywhere? Us too! This talk covers physical disguise and facial recognition evasion techniques, both in the visible light and IR spectra. Prowex will talk and demo you through methods to use, and Rambo will introduce you to a tool he open sourced (nullface.me) that helps you check whether your facial disguise is working.
Leaking and Investigating the Epstein Files
Emma Best, Ryan Grim, Murtaza Hussain, Mikael Thalen
Moderated by: Alex Urbellis
This unique panel brings together leading journalists who published and investigated leaked emails from the Epstein files, exposing his network of collaborators and enablers in one of the most explosive political scandals in decades. Members of the panel will discuss receiving the leaks, preserving files removed by the Department of Justice, protecting the privacy of Epstein’s victims, and the process and fallout of investigating and reporting on the explosive files.
The Deceptive Web of Scam Compounds
Laura Sang Hee Scherling, EdD
This presentation examines the rise of scam compounds and the rapidly evolving characteristics of these industrial-scale fraudulent operations. A recent report by the United Nations Office on Drugs and Crime (UNODC) found that cyber-enabled fraud has intensified, resulting in billions of dollars in losses, with many of these malicious networks orchestrated by criminal syndicates in Southeast Asia. The UN estimates that hundreds of thousands of individuals have been trafficked and forced to labor in these illicit facilities. Crucially, as these syndicates integrate increasingly sophisticated technologies, they have also become highly mobile, routinely relocating entire compounds upon completing a “lifecycle of operations.” Dr. Scherling’s presentation draws from her extensive interviews with non-governmental organizations (NGOs), government agencies, investigative journalists, and compound survivors.
Real-Time Ad Blocking via HDMI Man-in-the-Middle
Cyril Engmann
You bought the TV, and you pay for the subscription – so why do you still get ads? Modern streaming ads are baked into the stream as the content, out of reach of any network hacks. Minus is a small device that sits between your streaming box and your television and does the blocking in hardware, with no cloud dependency, using open models running on a single-board computer. It intercepts the signal between a streaming stick and the TV and goes after ads on the screen itself. This talk offers a hands-on look at the hardware and ML detection pipeline, and a broader case for the right to control what plays on a device you own.
Telehack: Reconstructing the Experience of the Early Command-Line Internet
Rich Skrenta
Telehack is a simulation of a stylized ARPANET/Usenet, circa 1985-1990. It is a full multi-user simulation, including 26,600+ simulated hosts from the early net, thousands of files from the era, a collection of adventure and IF games, a working BASIC interpreter with a library of programs to run, simulated historical users, and more. Telehack is a noncommercial service operated for the purposes of education and preservation of online digital culture. Telehack is a game, a simulation, and a digital museum that has been operating for 15 years. Learn all about it at this talk.
No Laptop or Wi-Fi? No Problem: Democratizing Coding for the Mobile-Only World
David Schachter, Hal Eisen, Elissa Miller
For too long, access to programming resources has been limited by access to infrastructure. Nonprofit App Dev for All is challenging tech’s pay-to-play nature with Code on the Go, a powerful, free and open-source IDE that turns a budget Android smartphone into a professional workstation, even in regions without reliable Internet access. The presenters will demonstrate that even the most resource-constrained coders can build, compile, debug, and deploy full Android apps entirely offline on almost any Android phone.
HERMES: Secure, Long Distance Data Communication Over HF Radio
Peter Bloom
Rhizomatica has been working on a completely autonomous communication system called HERMES (hermes.radio) since 2017. HERMES is a fully FLOSS stack that has been built to use HF radio to create secure and very long-range (about 500 kilometers) digital communication links. HERMES has been deployed in the Amazon to support land defenders, on boats in Bangladesh to provide critical communications to fishermen, in war zones in Africa as part of early warning systems, etc. Due to current geopolitical situations that have us all concerned, it’s clear that HERMES can be a critical tool for hackers, privacy activists, and the general public to create autonomous and secure digital communication networks that are much harder to monitor or shut down compared to corporate-controlled ISPs.
Your OpSec Is Showing
Fae Carlisle (blu3bird)
Most of threat intelligence is built around explaining what already happened – malware analysis, post-compromise indicators, and campaign reports. But attackers aren’t constrained at the payload layer. They rotate domains, recompile malware, and shift infrastructure constantly. What they don’t change as easily is how they build and operate that infrastructure. This talk explores how to track threat actors by the systems they rely on rather than the payloads they deploy.
The Web in Numbers: What a Giant Copy of the Internet Reveals About All of Us
Thom Vaughan
Every month, the Common Crawl Foundation publishes a free, open snapshot of billions of web pages that anyone can download and analyze. This talk explores what you can learn when you actually do that. Attendees will walk through real analyses run against this data: how many websites are genuinely accessible to people with disabilities, how quickly the world is adopting IPv6 over the aging IPv4 system, and what is revealed about power and visibility online when looking at the web as a graph. All three topics are introduced from scratch, so no prior knowledge is assumed. Attendees will leave with practical tips for working with large public datasets on a modest budget, along with pointers for running their own analyses.
LIMA – No Vendor, No Cloud, No Trust: Open Source Tamper Attestation for Critical Infrastructure Hardware
Justin T. Knox
LIMA is an open-source attestation system that lets a field device cryptographically prove its sensor readings are authentic and untampered with – over a SCADA network or any network at all. The talk walks the full stack: a Zephyr RTOS firmware node on the nRF52840 signs sensor and accelerometer data with ECDSA-P256 using the chip’s onboard CryptoCell-310 hardware security engine, broadcasts 90-byte attested payloads over BLE extended advertising, and delivers them to a blind-relay Rust gateway that verifies every signature without ever holding a private key. A live demo – with a recorded fallback – shows a physical tamper event (a shock to a field device) propagating through the cryptographic chain to a verified alert in about a second. Justin will then cover why the project exists and who it is for (individuals and small operators through to enterprise deployments), and give a walkthrough on how to stand up an example node.
They’re Already Knocking: High-Interaction Honeypots for the Rest of Us
Aaron Levitt
The Internet can be a pretty scary place, and if you know where to look, you can find proof of that in your logs. This talk walks through the end-to-end deployment of a high-interaction honeypot: platform selection, decoy service configuration, network placement, and logs that surface actionable intelligence rather than a bunch of noise. Once the trap has been set, you’ll get a look at what it catches. Whether you’re an experienced security expert or just someone who wants to understand what’s going on with your network in the middle of the night, this talk will show you that running your own threat intelligence operation is easier than you think. All you need is a Linux box, a spare IP address, and the patience to watch and learn.
Inside North Korea’s Underground Tech Resistance: How Smugglers, Defectors, and Technologists Are Outmaneuvering the World’s Most Locked-Down Information System
Jon Thompson
This talk provides a layer-by-layer technical breakdown of North Korea’s civilian information-control system – covering custom Android handsets with mandatory state-signed APKs, a screenshot-based surveillance daemon called TraceViewer, steganographic file watermarking in Red Star OS, and a sealed national intranet with zero Internet access. The talk demonstrates how North Korean citizens and a network of defectors and technologists are actively circumventing it using sneakernets, smuggled phones, and purpose-built tools. The talk concludes with a structured call to action for the security community, presenting open engineering challenges in obfuscation, firmware exploitation, air-gapped deployment, embedded systems, and more that map directly to skills common among HOPE attendees, grounded throughout in tools that have been built, tested with defectors, and deployed through Liberty in North Korea’s underground network.
Can It Ham? Hackers, Hams, and the Signal Between Them
Terry “shoot3r” Schanno (NV0O), Andrew “livitup” Ohnstad (N3OCQ)
Hackers and amateur radio operators have more in common than either group tends to admit. One speaker came up through 1990s hacker culture – attending 2600 meetings and contributing to 2600: The Hacker Quarterly long before becoming a licensed amateur radio operator. The other has spent decades in amateur radio, only to discover through DEF CON that the hacker mindset had been there all along. Through the story of the “Can It Ham?” contest – where participants build working antennas from unconventional materials – this talk explores how RF experimentation, system-level curiosity, and hands-on exploration form a shared foundation between hackers and hams. This is a story about rediscovery, perception, and what happens when you remove labels and just start building.
How to Fight DDoS Attacks From the Command Line
Michael McMahon
Why are all of our favorite sites starting with “Just a moment…” and “Making sure you’re not a bot!” splash pages now? Since 2024, AI companies appear to be operating aggressive, vibe-coded scrapers behind residential proxy botnets, and sites have typically turned to commercial shields. Michael will share several tools and techniques that he uses as a systems administrator at the Free Software Foundation to keep the sites up on their own infrastructure. He will demo some of his own tools and the tech stack he uses regarding monitoring, firewalls, automation, analytics, ASN lookups/blocking, and geofencing.
Against the Edgelord International
Johannes Grenzfurthner
Hackers are trained to think in systems: attack surfaces, payloads, privilege escalation, persistence, obfuscation, cleanup. But contemporary politics and media culture increasingly operate in disturbingly similar ways. Narratives are injected, amplified, laundered, distorted, and made persistent across platforms, communities, and institutions. A meme can behave like a payload. A fake historical analogy can function like privilege escalation. A conspiracy theory can become a persistence mechanism. And in the age of generative AI, cultural exploits can be produced, varied, and deployed at industrial scale.
This talk proposes a hacker-oriented model of narrative warfare and cultural manipulation: the narrative exploit chain. Drawing from context hacking, media pranks, art activism, hacker history, propaganda studies, and Johannes’ own work in film, performance, and political subversion, it asks how stories become attack vectors, how irony becomes armor, how taboo-breaking becomes a recruitment funnel, and how communities can defend themselves without becoming humorless cops of consensus reality.
Feeling the Signal: Hacking Music Into Touch
Yi Wang
This talk explores how music can be experienced beyond hearing through touch, movement, and atmosphere. Inspired by the speaker’s personal experience as a hard-of-hearing music listener who loves going to music events, the project investigates how technology can create alternative sensory pathways for perceiving rhythm, emotion, and musical structure. Drawing from interviews, body-mapping experiments, and iterative prototyping, the talk presents a real-time system that translates musical features into tactile and visual experiences through haptic wearables, pneumatic interfaces, and generative visuals. Audience members will also have the opportunity to experience the prototypes firsthand, including a tactile composition created for “UV” by Vril, demonstrating how music can be felt through the body as rhythm, emotion, and shared physical presence. In addition to presenting prototypes, the talk explores how accessibility technology can function as a form of sensory enhancement and creative expression.
Wherever You Go, There You Are!
Mr. Icom
Hacking is about exploration, and although many articles about hacking may not be applicable to your area or situation for whatever reason, there is still plenty for you to explore and do where you live. This talk will attempt to bring these avenues of exploration to your attention, and show you the tools you will need to explore them. This is a beginner-level talk.
Daniel Temkin
LLMs write boring code. They reinforce the monoculture already achieved by the dominant, increasingly bland multi-paradigm languages that converge more every year. Esolangs are the resistance: small, nimble languages with alternate forms of computation. They create space for exploration and human expressiveness in the text of code. For example, where the AI prompt makes natural language discardable, resolving into a single, flattened interpretation in code, some esolangs (e.g. Prasa) bring the nuance and ambiguity of natural language into code itself. Meanwhile, many esolangs are surprisingly resistant to LLM code generation because of their odd approaches to nearly every aspect of how code is written and run. This talk will cover how esolangs counter not only the style but the values behind agentic coding and remind us that a bland future is not inevitable.